
ACP database is not backed up on a scheduled basis.


Overview

Finding ID: V-105
Version: AAMV0420
Rule ID: SV-105r2_rule
IA Controls: CODB-2, DCCS-1, DCCS-2
Severity: Medium
Description
Loss of the ACP database would cause an interruption in the service of the operating system environment. If regularly scheduled backups of this database are not processed, system recovery time could be unacceptably long.
STIG: z/OS RACF STIG
Date: 2019-12-12

Details

Check Text (C-17293r1_chk)
a) Check with the IAO and verify that procedures exist to back up the security database and files. Have the IAO identify the dataset names and frequency of the backups.

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(AAMV0420)

For ACF2 sites only, refer to the following report produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(ACFBKUP)

For TOP SECRET sites only, refer to the following report produced by the TOP SECRET Data Collection:

- TSSCMDS.RPT(STATUS)

Note: RACF creates an alternate data set and does not have any setting to specify that a backup is created.

b) If, based on the information provided, it can be determined that the ACP database is being backed up on a regularly scheduled basis, there is NO FINDING.

c) If it cannot be determined that the ACP database is being backed up on a regularly scheduled basis, this is a FINDING.
Fix Text (F-17030r1_fix)
The IAO will ensure that procedures are in place to back up all ACP files needed for recovery on a scheduled basis.

Identify the ACP database and ensure that documented processes are in place to back up its contents on a regularly scheduled basis.

At a minimum, perform nightly backups of the ACP databases and of other critical security files (such as the ACP parameter file). More frequent backups (two or three times daily) will reduce the time necessary to effect recovery. The IAO will verify that the backup job(s) run successfully.